Analyzing the Windows Registry

The Windows Registry is one of the essential components of the current Microsoft Windows operating systems and thus also a very important point in a forensic investigation. It performs two critical tasks for the Windows operating system. First, it is the repository of settings for the Windows operating system and the applications that are installed on the system. Second, it is the database of the configuration of all installed hardware. Microsoft defines the registry as follows:

"A central hierarchical database used in Microsoft Windows 98, Windows CE, Windows NT, and Windows 2000 used to store information that is necessary to configure the system for one or more users, applications and hardware devices." (Microsoft ...

Get Mastering Python Forensics now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Mastering Python Forensics by Dr. Michael Spreitzenbarth, Dr. Johann Uhrmann

Analyzing the Windows Registry

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly